But according to at least one report, and some experts, it
doesn’t have to be that way. ICIT – the Institute for Critical Infrastructure
Technology – contends in a recent whitepaper that the power of artificial
intelligence and machine learning (AI/ML) can “crush the health sector’s ransomware pandemic.”

It is obvious that the healthcare sector needs better
security. One of the reasons it is such
a popular target is that, as the report notes, the victims are more likely to
pay, since, “every second a critical system remains inaccessible risks the
lives of patients and the reputation of the institution. Hospitals whose patients suffer as a result of
deficiencies in their cyber-hygiene are subject to immense fines and lawsuits.”

…AI/ML can be
three times the cost of anti-virus solutions, he said, “and healthcare
organizations are already fighting for every budget dollar they have.

“If the average cost of a ransomware attack is $300 – which was
reported by the ICIT in 2016 – why would I spend tens of thousands of dollars
more per year to prevent that risk? I’d
need 30 or 40 successful attacks before the cost makes sense.”

…In fact,
although we saw examples of companies using AI in computer-to-computer
transactions such as in recommendation engines that suggest what a customer
should buy next or when conducting online securities trading and media buying,
we saw that IT was one of the largest adopters of AI. And it wasn’t just to detect a hacker’s moves
in the data center. IT was using AI to
resolve employees’ tech support problems, automate the work of putting new systems
or enhancements into production, and make sure employees used technology from
approved vendors. Between 34% and 44% of
global companies surveyed are using AI in their IT departments in these four
ways, monitoring huge volumes of machine-to-machine activities.

In stark contrast, very few of the companies we surveyed
were using AI to eliminate jobs altogether. For example, only 2% are using artificial intelligence to monitor internal legal
compliance, and only 3% to detect procurement fraud (e.g., bribes
and kickbacks).

What about the automation of the production line? Whether assembling automobiles or insurance
policies, only 7% of manufacturing and service companies are using AI to
automate production activities. Similarly, only 8% are using AI to allocate
budgets across the company. Just 6% are using AI in pricing.

Till some time ago, it was just the deep web or the
darknet — which not everyone knows about and which is not easy to access —
where contraband, porn, fake IDs, credit card details and other hacked user
data were sold.

By moving to the chatting app, such illegal trade is
becoming mainstream, allowing cybercriminals to reach out to India’s huge
userbase of 200 million WhatsApp users.

What’s more, traders can be brazen in their dealings as
they have no fear of being caught. Data privacy laws and WhatsApp’s
encryption policy make it next to impossible for cybercrime authorities to
track such black markets. The
fact that most users on these groups sign up with virtual numbers —
use-and-throw proxy numbers that can be generated using apps — makes it even
more difficult. India’s national
encryption policy draft excludes WhatsApp users from the mandate of keeping a
90-day record of all their encrypted communications.

No one really
knows how the most advanced algorithms do what they do. That could be a problem.

Last year, a strange self-driving car was
released onto the quiet roads of Monmouth County, New Jersey. The experimental vehicle, developed by
researchers at the chip maker Nvidia, didn’t look different from other
autonomous cars, but it was unlike anything demonstrated by Google, Tesla, or
General Motors, and it showed the rising power of artificial intelligence. The car didn’t follow a single instruction provided by an engineer or
programmer. Instead, it
relied entirely on an algorithm that had taught itself to drive by watching a
human do it.

Getting a car to drive this way was an impressive feat. But it’s also a bit unsettling, since it isn’t
completely clear how the car makes its decisions. Information from the vehicle’s sensors goes
straight into a huge network of artificial neurons that process the data and
then deliver the commands required to operate the steering wheel, the brakes,
and other systems. The result seems to
match the responses you’d expect from a human driver. But what if one day it did something
unexpected—crashed into a tree, or sat at a green light? As things stand now, it might be difficult to
find out why. The system is so
complicated that even the engineers who designed it may struggle to isolate the
reason for any single action. And you
can’t ask it: there is no obvious way to
design such a system so that it could always explain why it did what it did.
[Not sure I agree with this. Bob]

…In 2015, a
research group at Mount Sinai Hospital in New York was inspired to apply deep
learning to the hospital’s vast database of patient records. This data set features hundreds of variables
on patients, drawn from their test results, doctor visits, and so on. The resulting program, which the researchers
named Deep Patient, was trained using data from about 700,000 individuals, and
when tested on new records, it proved incredibly good at predicting disease. Without any expert instruction, Deep Patient
had discovered patterns hidden in the hospital data that seemed to indicate
when people were on the way to a wide range of ailments, including cancer of
the liver. There are a lot of methods
that are “pretty good” at predicting disease from a patient’s records, says
Joel Dudley, who leads the Mount Sinai team. But, he adds, “this was just way
better.”

At the same time, Deep Patient is a bit puzzling. It appears to anticipate the onset of
psychiatric disorders like schizophrenia surprisingly well. But since schizophrenia is notoriously
difficult for physicians to predict, Dudley wondered how this was possible. He still doesn’t know. The new tool offers no clue as to how it does
this. If something like Deep Patient is
actually going to help doctors, it will ideally give them the rationale for its
prediction, to reassure them that it is accurate and to justify, say, a change
in the drugs someone is being prescribed. “We can build these models,” Dudley says
ruefully, “but we don’t know how they work.”

As for Kodi boxes, they are becoming increasingly common
as people look to slash their cable bill or cut the cord completely.

…Formerly known
as XBMC, Kodi is a free-to-use open source media player. It acts as a single centralized hub for all
your locally-saved entertainment. It
also lets you watch live TV thanks to its support for most well-known
back-ends, including MediaPortal, MythTV, NextPVR, Tvheadend, and VDR.

…Is Kodi Illegal?

The answer is a resounding No. Kodi is not illegal now and will almost
certainly never become illegal in the future.

In simple terms, Kodi is nothing more than a media app. When you install it on your device, it’s
empty. It’s nothing more than a shell
waiting for you, the user, to populate it with content. No add-ons come pre-packaged, and even if they
did, there is no way the developers would release the app with the illegal ones
baked in.

Kodi even has an official repository for add-ons. Every single one of the add-ons you will find
in it is entirely legal to download and use in every jurisdiction.

Friday, April 14, 2017

Vulnerabilities found by
researchers in Bosch’s Drivelog Connect product can be exploited by hackers to
inject malicious messages into a vehicle’s CAN bus. The vendor has implemented some fixes and is
working on adding more attack protections.

Bosch’s Drivelog Connect is a service that provides
information about the condition of a vehicle, including potential defects,
service deadlines, and data on fuel consumption and driving behavior. The product includes a dongle called Drivelog
Connector, which is connected to the car’s OBD2 diagnostics interface, and a
mobile application that communicates with the dongle via Bluetooth.

Researchers at automotive cybersecurity firm Argus have
identified some potentially serious vulnerabilities
in the communications between the mobile app and the dongle.

Hampered by widespread resistance
from civil rights groups, backers of a bill that
would allow California teachers and principals to search students’ cellphones
pulled their proposal Wednesday.

Brought by the Association of
California School Administrators, Assembly
Bill 165 seeks to exempt students from recently enacted digital privacy
protections against warrantless cellphone and electronic device searches. Critics warned the bill could “sledgehammer”
the Fourth Amendment and open up millions of K-12 students to unfettered school
and government searches.

“This bill has massive
ramifications to the privacy of 6 million students and families,” said Nicole
Ozer, of the American Civil Liberties Union of California.

As noted in recent months, we’ve reached that unhappy stage
where we are seeing an average of one or
more breach disclosures every day. If this just represented greater transparency,
that would be great, but it may also represent an increase in the number of
breaches.

On a positive note: almost all of the entities for whom we
had date of breach or discovery and date of report reported their breaches
within 60 days from date of discovery. Protenus
understandably wonders whether that could indicate that a recent $475,000
settlement between HHS and Presence Health over late notification might be
getting entities more calendar-conscious.

Some breaches are still taking too long to discover,
however, as three breaches that were first
disclosed in March had gone undetected for more than one year. Two of those three incidents involved
insider-wrongdoing.

As in past months, insider breaches represented a significant
percentage (44%) of all reported incidents, but did not account for the bulk of
breached records. As we have seen
before, hacking accounted for a smaller percentage of incidents but a larger
percentage of breached records. This
month, there were 11 reports to HHS submitted as “Hacking/IT incidents.” Four of those entities specifically
described their hacking incidents as ransomware incidents in their
notifications. A fifth entity declined
to answer the question of whether their incident involved ransomware. Several other entities reported “hacking”
incidents, but did not respond to inquiries from this site requesting more
information.

Who defines the targets? Would the US, France, and Russia agree on what is fake?

Facebook said on Thursday it is taking action against tens
of thousands of fake accounts in France as the social network giant seeks to
demonstrate it is doing more to halt the spread of spam as well as fake news,
hoaxes and misinformation.

The Silicon Valley-based company is under
intense pressure as governments across Europe threaten new laws unless Facebook
moves quickly to remove extremist propaganda or other content illegal
under existing regulation.

Social media sites including Twitter, Google's YouTube,
and Facebook also are under scrutiny for their potential to be used to
manipulate voters in national elections set to take place in France and Germany
in coming months.

In a blog post, Facebook said it was
taking action against 30,000 fake accounts in France, deleting them in some,
but not all, cases. It said its priority
was to remove fake accounts with high volumes of posting activity and the
biggest audiences. [Fake accounts have real audiences? Bob]

…For example, the
company said it is using automated detection to identify repeated posting of
the same content or an increase in messages sent by such profiles.

Automating your protest? What if this App is downloaded a million times?

United Airlines has been the topic of a pretty steady stream
of bad press. Following a viral video
of a man forcibly removed from a United Airlines flight, somehow someone got stung by a scorpion on a United flight, and today
DropUnited launched.

DropUnited
is a Chrome extension that removes
United Airlines flights from your flight searches.

In Florida v. Jardines
(2013), the U.S. Supreme Court held that a front porch is a Fourth Amendment
protected area but that there is an “implied license” allowing the police to
walk up to the front door and knock in at least some cases. If the police are just coming to talk to the
homeowner, the court concluded, that’s within the implied license and no Fourth
Amendment search occurs. Homeowners
implicitly consent to people coming to knock on the door and talk to them; that’s why they have doorbells. On the other hand, if the police are bringing
a drug sniffing dog to smell for drugs, that is outside the implied license. People don’t implicitly consent to people
coming to search them, and bringing a drug-sniffing dog to the front porch is a
clear objective sign that the officers intend to search them. Coming to the front porch with a drug-sniffing
dog is therefore a search, and the police ordinarily can’t do that without a
warrant.

Now consider this question: How
does Jardines apply when properties have “no trespassing” signs
posted?

The Democratization of Machine Learning: What It Means for
Tech Innovation

…The
democratization of ML gives individuals and startups a chance to get their
ideas off the ground and prove their concepts before raising the funds needed
to scale.

But access to data is only one way in which ML is being
democratized. There is an effort
underway to standardize and improve access across all layers of the machine
learning stack, including specialized chipsets, scalable computing platforms,
software frameworks, tools and ML algorithms.

Cognitive computing and artificial
intelligence (AI) are spawning what many are calling a new type of
industrial revolution. While both
technologies refer to the same process, there is a slight nuance to each. To be specific, cognitive uses a suite of many
technologies that are designed to augment the cognitive capabilities of a human
mind. A cognitive system can perceive
and infer, reason and learn. We’re
defining AI here as a broad term that loosely refers to computers that can
perform tasks that once required human intelligence. Because these systems can be trained to
analyze and understand natural language, mimic human reasoning processes, and
make decisions, businesses are increasingly deploying them to automate routine
activities. From self-driving cars to
drones to automated business operations, this technology has the potential to
enhance productivity, direct human talent on critical issues, accelerate
innovation, and lower operating costs.

Yet, like any technology that is not properly managed and
protected, cognitive systems that use humanoid robots and avatars — and less
human labor — can also pose immense cybersecurity vulnerabilities for
businesses, compromising their operations.

Another billion dollar company none of my students have
ever heard of…

Yext wasn't quite a unicorn as a private software company.
After its first day trading on the New
York Stock Exchange, it's even better: a $1 billion public one instead.

…Yext is betting
that it can become the leader in what its chief executive calls, somewhat
grandly, "digital knowledge management." With micro-services booming to help us find
the answers to questions from where to eat, how to find the right expert for a
problem or when a business opens, Yext wants to be the layer of common
information that ensures a business's correct information is conveyed the same
across Google, a phone app or over Siri and Alexa.

How Tight-knit and Individualistic Communities Adopt New
Technologies Differently

…Sometimes
tight-knit groups have an advantage; other times, they are actually at a
disadvantage. The difference comes down
to the type of technology being spread. Is
it a “low threshold” technology that is valuable even without a large number of
adopters, such as computers or agricultural innovations, or is it “high
threshold,” like a messaging app, which needs lots of adopters at once?

…In Mexico, which
consists of highly cohesive communities, 78 percent of the population used
instant messaging apps in 2013 compared with just 23 percent of the U.S.
population, which is ranked as one of the most individualistic societies.

Entry to national parks in the United States is free each of the next two weekends. If there is a national park near you, go out
and explore. Bring your phone to take
some pictures. Otherwise put it down and
take in the experience. Better yet, skip
the phone all together and use a good old camera to take some pictures.

If there aren't any national parks near you, you can still
explore them through some nice online resources. National Parks virtual tours are available in
the Google Arts & Culture apps for Android and iOS. If you have VR headsets available to you, take
a look at Google Expeditions virtual tours of the "hidden
treasures" of National Parks.

Interesting! Want to share new technology? $0.00
Want to complain about your grade? $99.99 (and
the answer will still be NO)

…“We think
money is a good proxy of saying ‘I really want to reach you’,” says Gupta. Users set their own pricing for receiving
messages (think something like $.50 or $1). They also set what topics they’re interested
in hearing about. Messages about things
you’re interested in are free for other users to send. If someone wants to message you about
something else, they’ll have to pay. Money
only exchanges hands when you respond. You can take the cash for yourself, or choose
to have it go directly to a charity like the ACLU or code.org.
You can also cap your inbox for the
week, so you only receive 10 messages instead of 50.

Thursday, April 13, 2017

Imagine sitting at home on your couch, watching
television, and a rather innocuous advertisement from Burger King comes on. A young male Burger King employee looks
directly into the camera and tells you that 15 seconds isn't enough time to
explain all the ingredients in the Whopper sandwich. The camera pulls in close, and he says,
"Okay Google, what is the Whopper burger?"

The Google Home device near your TV will
then respond, "The Whopper is a burger, consisting of a flame-grilled
patty made with 100% beef with no preservatives or fillers, topped with sliced
tomatoes, onions, lettuce, pickles, ketchup, and mayonnaise, served on a
sesame-seed bun." That is the first
sentence for the Wikipedia entry for the Whopper.

It is also an advanced (and a bit creepy)
new twist in the future of advertising for brands like Burger King, which is a
fast-food concept owned by Restaurant Brands. Burger King says the new ad is a national
campaign that will intentionally trigger the artificial intelligence technology
of Google Home devices to search "Whopper Sandwich."

Amazon.com is embracing artificial intelligence to deliver
goods more quickly, enhance its voice-activated Alexa assistant and create new
tools sold to others through its cloud-computing division, Chief Executive
Officer Jeff Bezos said in his annual shareholder letter.

Changes ushered in by artificial
intelligence and machine learning will help the companies that embrace them and
put up barriers for those who don’t, the world's second-richest man
wrote in a 1,700-word letter released Wednesday.

The hack also prompted the city to evaluate critical
systems for potential vulnerabilities, City Manager T.C. Broadnax said in a statement late Monday. City officials are reviewing
security for financial systems, a flood warning system, police-fire dispatch
and the 911/311 system.

Is it now “cool” to claim you were hacked by Russia? There is a difference between “We’ve been
hacked” and “Russia changed the election results.”

…"There is
no evidence to suggest malign intervention. We conducted a full review into the outage and
have applied the lessons learned. We
will ensure these are applied for all future polls and online services."

Several EU and NATO countries on Tuesday signed up to
establish a center in Helsinki to research how to tackle tactics such as cyber
attacks, propaganda and disinformation.

The United States, Britain,
France, Germany, Sweden, Poland, Finland, Latvia and Lithuania signed the
Memorandum of Understanding for the membership, and more countries are due to
come on board in July.

…Finland
last year voiced concern about what it sees as an intensifying propaganda
attack against it by the Kremlin. Germany has also reported a rise in Russian
disinformation campaigns and targeted cyber attacks.

Anthem to data breach victims: Maybe the damages are your own
darned fault

Insurance giant Anthem has effectively scared off possible
victims of a 2015 data breach by asking to examine their personal computers for
evidence that their own shoddy security was to blame for their information
falling into the hands of criminals.

Some of the affected Anthem customers sued for damages
they say resulted from the breach but then withdrew their suits after Anthem
got a court order allowing the exams.

The examiners would be looking only for evidence that
their credentials or other personal data had been stolen even before the Anthem
hack ever took place, according
to a blog by Chad Mandell, an attorney at LeClairRyan.

“If that proved to be true, it would call into question
whether the plaintiffs’ alleged injuries had truly been caused by the Anthem
hack,” he writes.

Is this based on the discovery of potential terrorist or a
need to be seen “doing something?” Has
anyone asked to see the results of these searches?

New statistics released Tuesday by U.S. Customs and Border
Protection reveal that the rate of
digital border searches is on pace to quadruple since 2015. That means more and more travelers entering
the U.S. are being asked to turn over their electronic devices to be analyzed.

The increase appears to have begun even before President
Donald Trump’s promise to scrutinize incoming visitors with “extreme vetting” measures,
some of which included stepping up digital surveillance. And if Trump’s cabinet gets its way, the trend
may accelerate further. Earlier this
year, John Kelly, the secretary of homeland security, told a House committee
that foreign visitors should have to give up their online
passwords and submit to social-media searches if they want to enter the
United States.

In the last six months, nearly 15,000 travelers had one of
their devices searched at the border. Compare
that to just 8,503 between October 2014 and October 2015, or 19,033 the
following year.

…The agency says
the steady increase in searches reflects “current threat information,” but a
spokesperson wouldn’t elaborate on the specific reasons for the trend. Asked for an example of the kind of cases that
digital border searches help solve, the spokesperson pointed to a Vermont man
who was arrested in February
for allegedly having sex with a 13-year-old girl. Border agents stopped the pair as they tried
to enter the U.S. from Canada, and inspected the girl’s phone. There, they found texts suggesting a sexual relationship
with the 25-year-old man.

Interesting article. Devices that monitor an athlete could help extend his career or end it
before it begins.

The FBI obtained a secret court order last summer to monitor the communications [Wiretap? Bob] of an adviser to presidential
candidate Donald Trump, part of an investigation into possible links between
Russia and the campaign, law enforcement and other U.S. officials said.

If you’re on Twitter, there’s a good chance you’re trying
to get more followers, retweets, and favorites. Maybe you’re the social media
marketer at a company. Maybe you’re
trying to develop a personal
brand. Or you just want to get some free stuff.

Whatever the reason, you want to get more traction — and
Twitter analytics can help you get it. Here’s
why those analytics are so helpful, what you should look for, and how to find
it.

(Related). Question:
Is there a market for Social Media advisors who can boost your following? Is that a thing?

These world leaders are killing it on Instagram: India’s
Prime Minister, Trump, and the Pope

In recent years, President Obama was the undisputed Instagram champ
among world leaders, with 13.9 million followers. But with Obama shuffling off the stage, which
global kingpin reigns supreme on the photo sharing app?

According to a study
released today by PR firm Burson-Marsteller, it’s India’s Prime Minister Narendra Modi, with 6.8
million followers as of April 1. Finishing
a close second, but doing his best to Make Instagram Great Again, is President Donald Trump, with 6.3
million followers. Burson-Marsteller
notes that combined, those top two still have fewer followers than Obama.

Thuy T. Pham, U. of Sydney. “This post updates a previous very
popular post 100 Active Blogs on Analytics, Big
Data, Data Mining, Data Science, Machine Learning as of March 2016 (and 90+ blogs, 2015 version). This year we removed 26 blog sites from the
previous list that do not meet our active criterion: at least one blog
in the last 3 months (since Oct 1, 2016). We also added ten new relevant blogs to the
list. All blogs in this list are
categorized into two groups: very active and moderately active. The former often have several entries each
month while the latter may only have one post for a few months recently. We also separate blogs that do not involve
much in technical discussions as in an Others group. Within each group of blogs, we list in
alphabetical order. Blog overview is
based on information as it has appeared on its URL as of 1-1-2017.”

I have a dream: My very own “anti-social” network! Someplace to go all ‘Don Rickles’ on my
students.

"Mastodon is a free,
open-source social network. A
decentralized alternative to commercial platforms, it avoids the risks of a
single company monopolizing your communication. Pick a server that you trust—whichever you
choose, you can interact with everyone else. Anyone can run their own Mastodon instance and
participate in the social network seamlessly."

Google wants to help you get in touch with your inner
Picasso. Today, it's launching AutoDraw, a web-based tool that uses
machine learning to turn your hamfisted doodling into art.

…The app is free and it works on any phone, computer or
tablet. It's pretty
straightforward: draw your best version of a cake, for example, and the auto
suggestion tool will try to guess what that amorphous blob actually is. Then, you can choose from a number of better
looking cakes made by talented artists. Or,
if amorphous blob is actually what you were striving for, you can turn off the
auto suggestions and doodle away.

— The list of entities reporting that employee W-2
data was acquired by phishing.–

Last year, this site compiled 145 W-2
phishing incidents before I somewhat waved a white flag in terms of trying
to keep up, but as I started working on this year’s list, I found even more
cases from 2016, bringing the 2016 list to 175 reports.

…But there is
plenty of evidence that, like the billions of other connected devices that make
up the Internet of Things (IoT), the growth of robot technology is coming with
loads of features, but not much of a security blanket.

Those included the predictable list: Insecure
communication channels, critical information sent in cleartext or with weak
encryption, no requirement for user names or passwords for some services, weak
authentication in others, and a lack of sufficient authorization to protect
critical functions such as software installation or updates.

All of which would allow, “anyone to remotely and easily
hack the robots, … install software in these robots without permission and gain
full control over them.”

Do they see this as the opportunity to invest they missed
with Amazon or as a way to slow Amazon’s growth?

Indian e-commerce startup Flipkart Group has raised $1.4
billion from Microsoft Corp., eBay Inc. and Tencent Holdings
Ltd, taking a hit to its valuation to raise the cash it needs to defend its
home market from Amazon.com Inc.

Flipkart—which was started in 2007 by two former Amazon employees—said
in a statement Monday that the new investment values the Bangalore company at
$11.6 billion. That allows Flipkart to
retain its title as India’s most valuable startup but is still a step down from
the $15 billion valuation it received during fundraising in 2015.

The iPhone continues to be the most popular smartphone
among teens, according to data gathered by investment firm Piper Jaffray in its
most recent semiannual U.S. teen survey.

76 percent of teens surveyed own an iPhone, up from 69
percent in the spring of 2016, and the highest ownership level seen in the teen
survey. A record 81 percent of teens
surveyed said they expect their next phone to be an iPhone, up from 75 percent
a year ago.

The California-based luxury electric vehicle company,
which calls itself the “Quickest production car on earth,” has just outpaced
General Motors (GM) in market
value — something I
told you a week ago was poised to happen. Admittedly, I didn’t think it would come this
quickly.

…The bigger story
here is the enormous belief investors have placed in the promises Tesla CEO
Elon Musk has made, which by contrast renders the slow-growing GM and Ford —
despite dominating Tesla in total vehicle sales — to “used car” status. Reuters
noted that Tesla’s market cap — which peaked Monday at $51.105 billion — is now
the equivalent to $102,000 for every car it plans to make in 2018,
or $667,000 per car sold in 2016. This
compares to GM's market cap which is equivalent to $5,000 per car it sold in
2016.

New York State has passed legislation that would create
the largest experiment in the country to offer free tuition at two- and
four-year colleges. The Excelsior
Scholarship, approved over the weekend as part of the state budget, would cover
full-time students in the State University of New York system, which totals 64
campuses and 1.3 million students.

…Students from
families making up to $100,000 a year would be eligible in the program's first
year, and by the third year that would increase to $125,000 a year.

Germany is trying to beef up its cyber defense, after the
interior minister called for rules that allow nations to attack foreign hackers
targeting critical infrastructure.

…“We need
international rules, but also in Germany, that besides protection and defense
enable the tracing and also -- if needed -- the elimination of a foreign
server,” De Maiziere told ARD in an interview Sunday.

To help my Computer Security students think about “Access.”
And a point to consider for any
government health care system?

Gah. Soooo many leaks and breaches are due to default
settings that over-share. How hard is it
for software to set default settings to NOT share with everyone? C’mon, folks.

Sue Dunlevy reports:

THE private health records of
Australians can be accessed by more than half a million people under the latest
bungle with the $2.2 billion electronic My Health Record.

News Corp Australia has learned
that the privacy settings on the government’s computerised My Health Record, which lists
every medicine a patient takes and records every medical visit and procedure,
are automatically set on “universal
access”.

This means every registered
health practitioner in the nation — 650,000 people — can view them, not just the family GP, unless the patient
specifically requested to opt out.

…Security hound KrebsOnSecurity
heard from two unnamed sources in the financial industry that they received
alerts from a credit card processor indicating that GameStop was likely hacked
sometime between mid-September 2016 and the first week of February 2017. GameStop did not deny that its systems might
have been breached, telling the security blog that it has hired a professional
security firm to look into the matter.

…It is believed that hackers were able to obtain credit card
numbers, expiration dates, names, addresses, and card verification values (CVV2
codes), which are those three-digit (usually) numbers found on the back of
credit cards.

The hackers responsible may have
used special software (malware) to
record and transmit CVV2 codes before they get encrypted. Otherwise, it would be difficult to obtain
that data, as web retailers are now allowed to store CVV2 codes.

…some crafty
beings took advantage of the mobile emergency alert system to warn of, of all
things, a zombie apocalypse. It's hard to call an attack like that
malicious, but what it proves is that if someone did want to send out a
malicious message of some sort, this non-malicious message proved that it would
be possible.

…At this time,
Dallas police have not been contacted about the issue, but the FCC has
been. Engineers are working to figure
out just how this breach could have occurred, but it's currently believed that
the attack was a local one, and not performed outside of the area, which will
hopefully make it easier to track down.

An alleged Russian hacker has been detained in Spain at
the request of American authorities, an arrest that set cybersecurity circles
abuzz after a Russian broadcaster raised the possibility it was linked to the
U.S. presidential election.

…Such arrests
aren’t unusual — American authorities typically try to nab Russian cybercrime
suspects abroad because of the difficulty involved in extraditing them from Russia
— but Levashov’s arrest drew immediate attention after his wife told Russia’s
RT broadcaster that he was linked to America’s 2016 election hacking.

…She said that
when she spoke to her husband on the phone from the police station, he told her
he was told that he had created a
computer virus that was “linked to Trump’s election win.” [I think they mean
SPAM. Bob]

A lesson for my Computer Security students. How does ignoring a problem make it go away?

Senior Wells Fargo & Co. managers failed to heed
warnings of spreading sales abuses for more
than a decade, treating thousands of fired employees as rogues, and
then downplayed the mounting terminations as the board began raising questions.

That’s the picture painted by a panel of independent
directors in a 113-page report after six months reviewing how branch workers
opened legions of accounts without customer permission.

…their findings
also prompted the board to claw back an additional $28 million from former
Chief Executive Officer John Stumpf for allegedly reacting too slowly.

This will become more interesting as we start using more
connected devices (e.g. Smart cars.)

When old technology broke, you could fix it yourself or
get a guy down the road to do it for you. If that failed, you could find a repair shop
that would get the job done for much less than going straight to the
manufacturer. With newer products, those
options are disappearing. It is
now often impossible to fix our own stuff.

This change was not accidental. Companies deliberately design products to
prevent us from finding replacement parts. They don’t even make information available to repair shops. Manufacturers have actively undermined our
right to repair what we buy, and in doing so, they’ve called into question
whether we truly own our purchases at all. Increasingly, the answer is no.

This change places a financial burden on us, restricts
market freedom, and does lasting damage to the environment. In response, a growing number of people are
demanding a change. They are
insisting that our right to repair be enshrined in law.

U.S. Immigration Agency Will Lose Millions Because It Can’t
Process Visas Fast Enough

Lost amid the uproar over the Trump administration’s crackdown
on undocumented immigrants is a change coming to the legal immigration system
that’s expected to be costly for both U.S. companies and the government itself.

…The new wrinkle
is that earlier
this week USCIS suspended so-called “premium processing,” a program that
allowed employers to pay extra to reduce visa wait times from as long as eight
months to just two weeks.

Officials have depicted the temporary stoppage as the
upshot of a “significant surge” in demand for expedited service, but, in
reality, it appears to reflect the agency’s own mismanagement and waste.

According to USCIS records, congressional testimony and
interviews with former agency officials, USCIS has plunged most of the
expedited program’s revenues from the last eight years — some
$2.3 billion — into a failed
effort to digitize the larger immigration system, leaving inadequate
resources to staff the H-1B portion that was its cash cow.

…Pausing
expedited service is likely to cause delays for tens
of thousands of applicants for new visas, mainly workers at universities or
research organizations, as well as foreign
doctors who receive H-1Bs in exchange for working in areas that are
medically underserved, according to USCIS data.

It’ll also cost USCIS up
to $100 million in lost fees, agency spokeswoman Carolyn Gwathmey
acknowledged.

Donald Trump's travel expenses in 10 weeks cost US taxpayers
as much as Barack Obama spent in two years

Donald Trump’s trips to his luxury Florida resort have
already cost the US taxpayer at least $24 million (£19.2 million) - roughly as
much as Barack Obama spent on travel in the first two years of his presidency.

Mr Trump has spent seven weekends at Mar-a-Lago since taking office ten weeks
ago. It is estimated that each of these
trips costs at
least $3 million (£2.4 million), covering the President’s extensive security
detail.

Chronicle of Higher Education: “Open-access advocates have
had several successes in the past few weeks. The Bill & Melinda Gates Foundation
started its own open-access publishing platform, which the European Commission may replicate. And librarians attending the Association of
College and Research Libraries conference in March were glad to hear that the Open Access Button, a tool that
helps researchers gain free access to copies of articles, will be integrated
into existing interlibrary-loan arrangements. Another initiative, called Unpaywall,
is a simple browser extension, but its creators, Jason Priem and Heather
Piwowar, say it could help alter the status quo of scholarly publishing…Like the Open Access Button, Unpaywall is
open-source, nonprofit, and dedicated to improving access to scholarly
research. The
button, devised in 2013, has a searchable database that comes into play
when a user hits a paywall. Unpaywall,
by contrast, has focused on creating a browser extension. “We want to do just one thing really well:
instantly deliver legal, open-access, full text as you browse,” says Mr. Priem,
who also started the altmetrics site Impactstory with Ms. Piwowar. When an Unpaywall user lands on the page of a
research article, the software scours thousands of institutional repositories,
preprint servers, and websites like PubMed Central to see if an open-access
copy of the article is available. If it
is, users can click a small green tab on the side of the screen to view a PDF. we’re able to deliver an OA copy to users more
than half the time,” says Mr. Priem…”

An RSS reader may be old-fashioned, but it’s still the
best way to tame the information that bombards us every day — and Feedly is still one of the
most popular RSS readers around. Though
it has Pro and Team plans with
power features, you can still do
a lot with a free Feedly account.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.